How Web Analytics Works
Web Analytics typically works by the controller of a website, be that site a merchant site or a content publisher, placing 1x1 pixels on each page of the site. The pixels are not visible to the viewers of the page but instead are meant merely to collect data on the visitors of those pages. Note it is important to realize that size is irrelevant on the web. When a browser requests a 1x1 pixel from an analytics provider it typically passes such provider the same standard HTTP information (including cookies) that it would provide a website provider as you request its home page!
As a user passes from page to page of a site the encounter pixel after pixel and a record of their specific path through the site is recorded. This is very valuable for merchant sites in particular because it lets them know things like: how easy information was to find, how they may wish to alter navigation and where people become frustrated and leave. It also allows them to know much more about their previous customers. This is because when someone buys something from a website they necessarily pass it a good deal of personal information. This personal information is encapsulated by the merchant by an identifier called a Customer ID or an Order ID, which work as referential cookies do to look up all information about the customer or the purchase. Typically when a web user buys something from a merchant who uses analytics, the merchant maps their Customer ID to the customer's unique analytics cookie. In practice this makes the analytics cookie a proxy for the customer id and allows a mapping of data linked to the analytics cookie to be mapped to data linked to the Customer ID.
It turns out this is very important. If an anonymous person were to place an expensive and profitable item in their basket and then abandon the purchase due to a relatively small shipping fee the merchant would love desperately to email the customer with opportunity to reengage the process but with a waived shipping fee. This is but one example of why personal data is often mapped to Analytics cookies, but in large measure you are pretty safe in assuming that if you told a site who you are, they have mapped that data to their analytics cookie.
Extending Analytics View
The trick with analytics has become that merchants want to interact with and recognize their customer off their own site. Much of this discussion is tied to previous discussions of Ad Reporting, but Analytics Tags which are typically just 1x1 pixels may be placed into advertisements without any noticeable change to the ad itself. This allows merchants to recognize who of their identified customers have seen their ads and where they have been seen. This is obviously very important in evaluating where your ad dollars should be spent.
1st and 3rd Parties
Analytics comes in a number of flavors and a number of providers most are typically 3rd party to the merchant in that they are a different actual company than the merchant. Many offer like Google and Omniture offer "1st party" solutions where the actual cookie is set initially in a first party context on the the merchants domain. Of course the determination of "is this a 1st party cookie" is a little up in the air when the same cookie appears in an ad on a publisher site.
Who collects the data/Who owns the data
As with all 3rd party service providers there is an unknown from the consumer standpoint of who owns and who controls the data. When a 3rd party service provider collects data for a merchant, clearly that provider is the initial controller of such data, because they are the ones that record it on their servers but if they do so strictly as an agent of the analytics customer or what independent rights the provider has to such data is a another question, a question only answered by the contract as between the service provider and the licensee.